United States Patent and Trademark Office 



UNITED STATES DEPARTMENT OF COMMERCE 
I nilid Stall-, Patent and Trademark Office 

Address: COMMISSIONER FOR PATENTS 



APPLICATION NO. 



10/605,189 



FILING DATE 



(W/l 2/2002 



FIRST NAMED INVENTOR 



28653 7590 08 

JOHN A. SMART 
201 LOS GATOS 
SARATOGA RD, #161 
LOS GATOS, CA 95030-5308 



ATTORNEY DOCKET NO. CONFIRMATION NO. 



TRUVAN, LEYNNA THANH 



PAPER NUMBER 



DELIVERY MODE 



Please find below and/or attached an Office communication concerning this application or proceeding. 

The time period for reply, if any, is set in the attached communication. 



PTOL-90A (Rev. 04/07) 



l/ffflrC? nVrliUli Otfff Iff ids y 


Application No. 

10/605,189 


Applicant(s) 

FREUND, GREGOR P. 


Examiner 

Leynna T. Truvan 


Art Unit 

2435 





- The MAILING DATE of this communication appears on the cover sheet with the correspondence address — 
Period for Reply 



A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) OR THIRTY (30) DAYS, 
WHICHEVER IS LONGER, FROM THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1 .136(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133). 
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1 .704(b). 

Status 

1 )KI Responsive to communication(s) filed on 17 April 2009 . 
2a )□ This action is FINAL. 2b)^ This action is non-final. 

3) D Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quayle, 1935 CD. 11, 453 O.G. 213. 

Disposition of Claims 

4) ^ Claim(s) 1-47 is/are pending in the application. 

4a) Of the above claim(s) is/are withdrawn from consideration. 

5) D Claim(s) is/are allowed. 

6) ^ Claim(s) 1-47 is/are rejected. 

7) 0 Claim(s) is/are objected to. 

8) D Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

9) Q The specification is objected to by the Examiner. 

10) D The drawing(s) filed on is/are: a)D accepted or b)D objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1.85(a). 
Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d). 

1 1) D The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152. 

Priority under 35 U.S.C. § 119 

12) D Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 119(a)-(d) or (f). 
a)D All b)D Some * c)D None of: 

1 .□ Certified copies of the priority documents have been received. 

20 Certified copies of the priority documents have been received in Application No. . 

3.Q Copies of the certified copies of the priority documents have been received in this National Stage 
application from the International Bureau (PCT Rule 17.2(a)). 
* See the attached detailed Office action for a list of the certified copies not received. 



Attach ment(s) 

1) ^| Notice of References Cited (PTO-892) 4) □ Interview Summary (PTO-41 3) 

2) □ Notice of Draftsperson's Patent Drawing Review (PTO-948) Paper No(s)/Mail Date. . 

3) □ Information Disclosure Statement(s) (PTO/SB/08) 5 ) □ Notice of Informal Patent Application 

Paper No(s)/Mail Date . 6) □ Other: . 



PTOL-T26 d (Rev e 08-06r 



Office Action Summary 



Part of Paper No./Mail Date 20090802 



Application/ Control Number: 10/605,189 Page 2 

Art Unit: 2435 

DETAILED ACTION 

1. Claims 1-47 are pending. 

2. In view of the Appeal Brief filed on 4/17/2009, PROSECUTION IS 
HEREBY REOPENED. A Non-Final Rejection is set forth below. 

To avoid abandonment of the application, appellant must exercise one of 
the following two options: 

(1) file a reply under 37 CFR 1.111 (if this Office action is non-final) or a 
reply under 37 CFR 1.113 (if this Office action is final); or, 

(2) initiate a new appeal by filing a notice of appeal under 37 CFR 41.31 
followed by an appeal brief under 37 CFR 41.37. The previously paid notice of 
appeal fee and appeal brief fee can be applied to the new appeal. If, however, 
the appeal fees set forth in 37 CFR 41.20 have been increased since they were 
previously paid, then appellant must pay the difference between the increased 
fees and the amount previously paid. 

A Supervisory Patent Examiner (SPE) has approved of reopening 
prosecution by signing below. 

Response to Arguments 

3. Applicant's arguments, see Appeal Brief, filed 4/18/09, with respect to 
Ablay, et al have been fully considered and are persuasive. The Final Rejection 
of 8/ 19/08 has been withdrawn. 
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During the Final, Ablay was used as a 102 or in alternative as obvious over 
Johnson where Johnson is to suggest the interprocess communication. After review 
applicants argument and finds it persuasive where Ablay did not fully disclose the 
limitation of a given application can invoke using interprocess communication to invoke 
services and trapping an attempt by a particular application to invoke a particular 
system service. Hence, a further search has found that Teal reads on the claimed 
application and Ablay is now a secondary art. Although, Teal discloses the security 
manager may define different security policies for different groupings of individual 
computer resources in the proprietary computer network (col. 14, lines 55-67), but did 
not include rules indicating which system services a given application can invoke. Ablay 
discloses the service environment can be embodied within a stand alone computer 
(col. 3, lines 20-28) and a Windows NT operating system was used to provide the 
service creation environment (col.4, lines 20-31). Ablay also discusses the computer 
operating system must provide interoperability between the higher-level applications 
and the underlying computer hardware (col.5, lines 30-35) based on rules (col. 9, lines 
14-40). Thus, shows the operating system of a computer system supports interprocess 
communication that invokes service according to an application rule in a computer 
system. Ablay discloses a service creation environment is used to create logic program 
rules based on at least one service building block. The logic program rules indicate 
identification of an authorized service execution environment where any of the at least 
one service building block used in the logic program rules can be configured to be 
responsive to at least one predetermined stimulus. Ablay states that each time the logic 
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program rules for a service are invoked in the execution environment by receipt of the 
predetermined stimulus is term an instance of the service (col. 2, line - col. 3, line 20). 
Therefore, it would have been obvious for a person of ordinary skills in the art at the 
time of the invention to combine the teachings of Teal with Ably to teach rules indicating 
which system services a given application can invoke because to provide the service 
within the system securely (col. 3, lines 17-23). 

Claim Rejections - 35 USC § 103 

The following is a quotation of 35 U.S.C. 1 03(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

4. Claims 1-47 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Teal, et al. (US 7,398,389) in view of Ablay, et al. (US 6,002,941). 
As per claim 1: 

Teal discloses in a computer system operating under control of an operating 
system supporting interprocess communication, a method for controlling interprocess 
communication occurring between an application executing on the computer system 
and a service provided by the operating system, the method comprising: 
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[defining rules] indicating which system services of the operating system a given 
application can invoke using interprocess communication to invoke said system 
services; (col. 12, lines 60-62 and col. 16, lines 50-64) 

trapping an attempt by a particular application to invoke a particular system 
service; (col. 14, lines 1-7 and col. 15, lines 25-31) 

identifying the particular application that is attempting to invoke the particular 
system service; and (col. 14, lines 8-10 and col. 16, lines 15-34) 

based on identity of the particular application and on the rules indicating which 
system services a given application can invoke, blocking the attempt when the rules 
indicate that the particular application cannot invoke the particular system service, 
(col. 13, lines 44-56 and col. 14, lines 60-67) 

Teal discloses the security manager may define different security policies for 
different groupings of individual computer resources in the proprietary computer network 
(col. 14, lines 55-67). However, Teal did not include rules indicating which system 
services a given application can invoke. 

Ablay discloses the service environment can be embodied within a stand alone 
computer (col. 3, lines 20-28) and a Windows NT operating system was used to provide 
the service creation environment (col.4, lines 20-31). Ablay also discusses the computer 
operating system must provide interoperability between the higher-level applications 
and the underlying computer hardware (col.5, lines 30-35) based on rules (col. 9, lines 
14-40). Thus, shows the operating system of a computer system supports interprocess 
communication that invokes service according to an application rule in a computer 
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system. Ablay discloses a service creation environment is used to create logic program 
rules based on at least one service building block. The logic program rules indicate 
identification of an authorized service execution environment where any of the at least 
one service building block used in the logic program rules can be configured to be 
responsive to at least one predetermined stimulus. Ablay states that each time the logic 
program rules for a service are invoked in the execution environment by receipt of the 
predetermined stimulus is term an instance of the service (col. 2, line - col. 3, line 20). 

Therefore, it would have been obvious for a person of ordinary skills in the art at 
the time of the invention to combine the teachings of Teal with Ably to teach rules 
indicating which system services a given application can invoke because to provide the 
service within the system securely (col.3, lines 17-23). 

As per claim 2: See Teal on col. 10, lines 1-26 and col. 16, lines 50-64; discussing 
the method of claim 1 , wherein said trapping step includes intercepting operating 
system calls for invoking the particular system service. 

As per claim 3: See Teal on col. 10, lines 1-26 and col. 14, lines 1-9; discussing the 
method of claim 1 , wherein said trapping step includes intercepting local procedure calls 
for invoking the particular system service. 

As per claim 4: See Teal on col. 10, lines 1-26 and Ably on col.3, lines 13-22 and col.4, 
lines 34-52; discussing the method of claim 1, wherein said trapping step includes 
intercepting an attempt to open a communication channel to the particular system 
service. 

As per claim 5: See Teal on col. 10, lines 1-26 and col. 14, lines 1-9; discussing the 
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method of claim 1 , wherein said trapping step includes rerouting an attempt to invoke 
the particular system service from a system dispatch table to an interprocess 
communication controller for determining whether to block the attempt based on the 
rules. 

As per claim 6: See Teal on col. 10, lines 1-26 and col. 14, lines 1-9 and Ably on 
col. 3, lines 1-9 and col. 10, lines 5-18; discussing the method of claim 5, wherein said 
step of rerouting attempts to invoke the particular system service from a dispatch table 
to the interprocess communication controller includes replacing an original destination 
address in the system dispatch table with an address of the interprocess communication 
controller. 

As per claim 7: See Ably on col. 5, lines 62-67 and col.8, lines 32-53; discussing the 
method of claim 6, further comprising the steps of: retaining the original destination 
address; and using the original destination address for invoking the particular system 
service if the interprocess communication controller determines not to block the attempt. 
As per claim 8: See Ably on col. 5, lines 40-55; discussing the method of claim 1 , 
wherein the rules specifying which system services a given application can invoke are 
established based on user input. 

As per claim 9: See Ably on col. 5, lines 40-55; discussing the method of claim 1 , 
wherein the step of blocking the attempt is based upon consulting a rules engine for 
determining whether the particular application can invoke the particular system service. 
As per claim 10: See Teal on col. 10, lines 1-26 and col. 14, lines 1-9; discussing the 
method of claim 1 , wherein the step of blocking the attempt includes obtaining user 
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input as to whether the particular application can invoke the particular system service. 
As per claim 1 1 : See Teal on col. 10, lines 1-26 and col. 14, lines 1-9 and Ably on col. 6, 
lines 1-7; discussing the method of claim 10, wherein said step of obtaining user input 
as to whether the particular application can invoke the particular system service 
includes the substeps of: providing information to the user about the particular 
application that is attempting to invoke the particular system service; and receiving user 
input as to whether the particular application should be blocked from invoking the 
particular system service. 

As per claim 12: See Ably on col. 9, lines 8-10; discussing the computer-readable 
medium having computer-executable instructions for performing the method of claim 1 . 
As per claim 13: See Ably on col. 9, lines 8-10; discussing downloading a set of 
computer-executable instructions for performing the method of claim 1 . 
As per claim 14: 

Ablay discloses in a computer system operating under control of an operating 
system supporting interprocess communication, a method for regulating 
communications between processes that attempt to use said interprocess 
communication, the method comprising: 

defining a policy specifying whether one process may use interprocess 
communication of the operating system to communicate with another process; (col. 12, 
lines 60-62 and col. 16, lines 50-64) 

intercepting an attempt by a first process to communicate with a second process; 
(col. 14, lines 1-7 and col. 15, lines 25-31) 
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identifying the first process that is attempting to communicate with the second 
process; identifying the second process; (col. 14, lines 8-10 and col. 16, lines 15-34) 

based on said policy, determining whether the first process may communicate 
with the second process; and (col. 10, lines 1-26) 

allowing the first process to communicate with the second process if said policy 
indicates that the first process may communicate with the second process, (col. 13, 
lines 44-56 and col. 14, lines 60-67) 

Teal discloses the security manager may define different security policies for 
different groupings of individual computer resources in the proprietary computer network 
(col. 14, lines 55-67). However, Teal did not include rules indicating which system 
services a given application can invoke. 

Ablay discloses the service environment can be embodied within a stand alone 
computer (col. 3, lines 20-28) and a Windows NT operating system was used to provide 
the service creation environment (col.4, lines 20-31). Ablay also discusses the computer 
operating system must provide interoperability between the higher-level applications 
and the underlying computer hardware (col.5, lines 30-35) based on rules (col. 9, lines 
14-40). Thus, shows the operating system of a computer system supports interprocess 
communication that invokes service according to an application rule in a computer 
system. Ablay discloses a service creation environment is used to create logic program 
rules based on at least one service building block. The logic program rules indicate 
identification of an authorized service execution environment where any of the at least 
one service building block used in the logic program rules can be configured to be 
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responsive to at least one predetermined stimulus. Ablay states that each time the logic 
program rules for a service are invoked in the execution environment by receipt of the 
predetermined stimulus is term an instance of the service (col. 2, line - col. 3, line 20). 

Therefore, it would have been obvious for a person of ordinary skills in the art at 
the time of the invention to combine the teachings of Teal with Ably to teach rules 
indicating which system services a given application can invoke because to provide the 
service within the system securely (col. 3, lines 17-23). 

As per claim 15: See Ably on col. 5, lines 30-67 and col. 12, lines 39-60; discussing 
the method of claim 14, wherein the first process comprises an instance of an 
application program. 

As per claim 16: See Teal on col. 10, lines 1-26 and Ably on col. 5, lines 30-67 and 
col. 12, lines 39-60; discussing the method of claim 14, wherein the second process 
comprises a system service. 

As per claim 17: See Teal on col. 10, lines 1-26 and col. 14, lines 1-9 and Ably on 

col. 5, lines 30-67 and col. 12, lines 39-60; discussing the method of claim 14, wherein 

said intercepting step includes intercepting operating system calls made by the first 

process to attempt to communicate with the second process. 

As per claim 18: See Teal on col. 10, lines 1-26 and col. 14, lines 1-9 and Ably on 

col. 5, lines 30-67 and col. 12, lines 39-60; discussing the method of claim 14, wherein 

said intercepting step includes detecting local procedure calls. 

As per claim 19: See Teal on col. 10, lines 1-26 and col. 14, lines 1-9 and Ably on col. 5, 

lines 30-67 and col. 12, lines 39-60; discussing the method of claim 14, wherein said 
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intercepting step includes detecting an attempt by the first process to open a 
communication channel to the second process. 

As per claim 20: See Teal on col. 10, lines 1-26 and col. 14, lines 1-9 and Ably on 
col. 5, lines 30-67 and col. 12, lines 39-60; discussing the method of claim 14, wherein 
said intercepting step includes rerouting attempts by the first process to communicate 
with the second process from a system dispatch table to an interprocess communication 
controller. 

As per claim 21 : See Teal on col. 10, lines 1-26 and col. 14, lines 1-9 and Ably on 
col. 5, lines 30-67 and col. 12, lines 39-60; discussing the method of claim 14, wherein 
said step of identifying the second process includes evaluating parameters of the 
attempt made by the first process to communicate with the second process. 
As per claim 22: See Teal on col. 10, lines 1-26 and col. 14, lines 1-9 and Ably on 
col. 5, lines 30-67 and col. 12, lines 39-60; discussing the method of claim 14, wherein 
said policy specifies particular processes to be protected from communications made by 
other processes. 

As per claim 23: See Teal on col. 10, lines 1-26 and col. 14, lines 1-9 and Ably on 
col. 5, lines 30-67 and col. 12, lines 39-60; discussing the method of claim 14, further 
comprising: providing for a process to be registered in order to be protected from 
communications made by other processes; and determining whether to allow the first 
process to communicate with the second process based, at least in part, upon 
determining whether the second process is registered. 

As per claim 24: See Teal on col. 10, lines 1-26 and col. 14, lines 1-9 and Ably on; 
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discussing the method of claim 23, wherein said determining step is based, at least in 
part, on the type of communication the first process is attempting with the second 
process. 

As per claim 25: 

Dugan discloses in a computer system operating under control of an operating 
system supporting interprocess communication, a method for controlling interprocess 
communications from one application to another, the method comprising: 

registering a first application to be protected from interprocess communications 
of other applications; (col. 12, lines 37-62 and col. 16, lines 50-64) 

detecting an attempt to access the first application using interprocess 
communication; (col. 14, lines 1-7 and col.15, lines 25-31) 

identifying a second application that is attempting to access the first application 
using interprocess communication; and (col. 14, lines 8-10 and col. 16, lines 15-34) 

rerouting the attempt to access the first application through an interprocess 
communication controller that determines whether to allow the attempt (col. 10, lines 1- 
26), based on rules indicating whether the second application may access the first 
application using interprocess communication, (col. 13, lines 44-56 and col. 14, lines 
60-67) 

Teal discloses the security manager may define different security policies for 
different groupings of individual computer resources in the proprietary computer network 
(col. 14, lines 55-67). However, Teal did not include rules indicating which system 
services a given application can invoke. 
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Ablay discloses the service environment can be embodied within a stand alone 
computer (col. 3, lines 20-28) and a Windows NT operating system was used to provide 
the service creation environment (col.4, lines 20-31). Ablay also discusses the computer 
operating system must provide interoperability between the higher-level applications 
and the underlying computer hardware (col.5, lines 30-35) based on rules (col. 9, lines 
14-40). Thus, shows the operating system of a computer system supports interprocess 
communication that invokes service according to an application rule in a computer 
system. Ablay discloses a service creation environment is used to create logic program 
rules based on at least one service building block. The logic program rules indicate 
identification of an authorized service execution environment where any of the at least 
one service building block used in the logic program rules can be configured to be 
responsive to at least one predetermined stimulus. Ablay states that each time the logic 
program rules for a service are invoked in the execution environment by receipt of the 
predetermined stimulus is term an instance of the service (col. 2, line - col. 3, line 20). 

Therefore, it would have been obvious for a person of ordinary skills in the art at 
the time of the invention to combine the teachings of Teal with Ably to teach rules 
indicating which system services a given application can invoke because to provide the 
service within the system securely (col. 3, lines 17-23). 

As per claim 26: See col.4, lines 34-52 and col. 8, lines 53-67; discussing the method 
of claim 25, wherein said registering step includes supplying rules specifying particular 
communications from which the first application is to be protected. 
As per claim 27: See col. 3, lines 13-28 and col. 8, lines 1-7 and 53-67; discussing the 
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method of claim 26, wherein the interprocess communication controller determines 
whether to allow the attempt based, at least in part, upon the rules specifying particular 
communications from which the first application is to be protected. 
As per claim 28: See Teal on col. 10, lines 1-26 and col. 14, lines 1-9 and Ably on; 
discussing the method of claim 25, wherein said detecting step includes intercepting 
operating system calls for accessing the first application. 

As per claim 29: See Teal on col. 10, lines 1-26 and col. 14, lines 1-9 and Ably on 
col. 3, lines 60-63 and col. 6, lines 10-15; discussing the method of claim 25, wherein 
said detecting step includes detecting a graphical device interface (GDI) message sent 
to the first application. 

As per claim 30: See Teal on col. 10, lines 1-26 and col. 14, lines 1-9 and Ably on 
col. 3, lines 13-28 and col. 8, lines 1-7 and 53-67; discussing the method of claim 29, 
wherein said identifying step includes evaluating parameters of the message sent to the 
first application. 

As per claim 31: See Teal on col. 10, lines 1-26 and col. 14, lines 1-9 and Ably on 
col. 3, lines 13-28 and col. 8, lines 1-7 and 53-67; discussing the method of claim 25, 
wherein said detecting step includes detecting an attempt to send keystroke data to a 
window of the first application. 

As per claim 32: See Teal on col. 10, lines 1-26 and col. 14, lines 1-9 and Ably on 
col. 3, lines 13-28 and col. 8, lines 1-7 and 53-67; discussing the method of claim 25, 
wherein said detecting step includes detecting an attempt to send mouse movement 
data to a window of the first application. 
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As per claim 33: See Teal on col. 10, lines 1-26 and col. 14, lines 1-9 and Ably on 
col. 5, lines 30-67 and col. 12, lines 39-60; discussing the method of claim 25, wherein 
said rerouting step includes rerouting the attempt to access the first application from a 
system dispatch table to the interprocess communication controller. 
As per claim 34: See Teal on col. 10, lines 1-26 and col. 14, lines 1-9 and Ably on col. 5, 
lines 30-67 and col. 12, lines 39-60; discussing the method of claim 25, wherein said 
rules indicating whether the second application may access the first application includes 
rules indicating particular types of communications which are allowed. 
As per claim 35: See Teal on col. 16, lines 50-65 and Ably on col. 5, lines 30-67 and 
col. 12, lines 39-60; discussing the method of claim 25, further comprising: if the 
interprocess communication controller allows the attempt to access the first application, 
routing the attempt to the first application. 
As per claim 36: 

Ablay discloses a system for regulating interprocess communication between 
applications, the system comprising: 

a computer having at least one process, said computer system operating under 
control of an operating system supporting interprocess communication; (col. 12, lines 
60-62 and col. 16, lines 50-64) 

a policy specifying applications that are permitted to communicate with a first 
application using interprocess communication; (col. 14, lines 1-7 and col. 15, lines 25- 
31) 
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a module for detecting a second application attempting to communicate with the 
first application using interprocess communication; and (col. 10, lines 1-26) 

an interprocess communication controller for identifying the second application 
attempting to communicate with the first application and determining whether to permit 
the communication based upon the identification of the second application (col. 14, 
lines 8-10 and col. 16, lines 15-34) and the policy specifying applications permitted to 
communicate with the first application, (col. 13, lines 44-56 and col. 14, lines 60-67) 

Teal discloses the security manager may define different security policies for 
different groupings of individual computer resources in the proprietary computer network 
(col. 14, lines 55-67). However, Teal did not include rules indicating which system 
services a given application can invoke. 

Ablay discloses the service environment can be embodied within a stand alone 
computer (col. 3, lines 20-28) and a Windows NT operating system was used to provide 
the service creation environment (col.4, lines 20-31). Ablay also discusses the computer 
operating system must provide interoperability between the higher-level applications 
and the underlying computer hardware (col.5, lines 30-35) based on rules (col. 9, lines 
14-40). Thus, shows the operating system of a computer system supports interprocess 
communication that invokes service according to an application rule in a computer 
system. Ablay discloses a service creation environment is used to create logic program 
rules based on at least one service building block. The logic program rules indicate 
identification of an authorized service execution environment where any of the at least 
one service building block used in the logic program rules can be configured to be 
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responsive to at least one predetermined stimulus. Ablay states that each time the logic 
program rules for a service are invoked in the execution environment by receipt of the 
predetermined stimulus is term an instance of the service (col. 2, line - col. 3, line 20). 

Therefore, it would have been obvious for a person of ordinary skills in the art at 
the time of the invention to combine the teachings of Teal with Ably to teach rules 
indicating which system services a given application can invoke because to provide the 
service within the system securely (col. 3, lines 17-23). 

As per claim 37: See Ably on col. 3, lines 13-28 and col. 8, lines 1-7 and 53-67; 
discussing the system of claim 36, wherein said policy includes rules indicating 
particular types of communications which are permitted. 

As per claim 38: See Teal on col. 16, lines 50-65 and Ably on col. 3, lines 13-28 and 
col. 8, lines 1-7 and 53-67; discussing the system of claim 36, further comprising: a rules 
engine for specifying applications that are permitted to communicate with the first 
application using interprocess communication. 

As per claim 39: See Ably on col.4, lines 32-65 and col.5, lines 50-65; discussing the 
system of claim 36, further comprising: a registration module for establishing said policy. 
As per claim 40: See Ably on col.4, lines 32-65 and col.5, lines 50-65; discussing the 
system of claim 39, wherein said registration module provides for identifying 
applications to be governed by said policy. 

As per claim 41 : See Teal on col. 10, lines 1-26 and col. 14, lines 1-9 and Ably on 
col. 3, lines 1-21 and col.5, lines 50-65; discussing the system of claim 36, wherein said 
module for detecting a second application detects an operating system call to open a 
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communication channel to the first application. 

As per claim 42: See Ably on col.3, lines 1-21 and col. 12, lines 39-60; discussing 

the system of claim 36, wherein said module for detecting a second application detects 

a graphical device interface (GDI) message sent to the first application. 

As per claim 43: See Teal on col. 10, lines 1-26 and Ably on col.3, lines 1-21 and 

col. 5, lines 50-65; discussing the system of claim 36, wherein said module for detecting 

a second application detects a local procedure call attempting to access the first 

application. 

As per claim 44: See Teal on col. 16, lines 1-5-62 and Ably on col.3, lines 1-21 and 
col. 8, lines 1-7 and 53-67; discussing the system of claim 36, wherein said module for 
detecting a second application redirects attempts to communicate with the first 
application to the interprocess communication controller. 

As per claim 45: See Teal on col. 10, lines 1-26 and Ably on col.3, lines 13-28 and 
col. 8, lines 1-7 and 53-67; discussing the system of claim 36, wherein said module for 
detecting a second application reroutes the attempt to communicate with the first 
application from a dispatch table to the interprocess communication controller. 
As per claim 46: See Teal on col. 16, lines 50-62 and Ably on col.3, lines 13-28 and 
col. 8, lines 1-7 and 53-67; discussing the system of claim 36, wherein said interprocess 
communication controller determines whether to permit the communication based, at 
least in part, upon evaluating parameters of the attempt made by the second application 
to communicate with the first application. 

As per claim 47: See Teal on col. 10, lines 1-26 and col. 14, lines 1-9 and Ably on 
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discussing the system of claim 36, wherein said interprocess communication controller 
determines whether to permit the communication based upon obtaining user input as to 
whether to permit the second application to communicate with the first application. 
Conclusion 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Leynna T. Truvan whose telephone number is (571) 
272-3851 . The examiner can normally be reached on Monday - Thursday (7:00 - 
5:00PM). 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Kim Vu can be reached on (571) 272-3859. The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 



/L. T. TV 

Examiner, Art Unit 2435 

/Kimyen Vu/ 
Supervisory Patent Examiner, Art Unit 2435 



